File Event Queries

class py42.clients.file_event.FileEventClient(session)

Bases: py42.clients.BaseClient

A client for searching file events.

See the Executing Searches User Guide to learn more about how to construct a query.

search(query)

Searches for file events matching the query criteria. REST Documentation

Parameters

query (FileEventQuery or str) – A composed FileEventQuery object or the raw query as a JSON formatted string.

Returns

A response containing the query results.

Return type

py42.response.Py42Response

class py42.sdk.queries.fileevents.file_event_query.FileEventQuery(*args, **kwargs)

Bases: py42.sdk.queries.BaseQuery

Helper class for building Code42 Forensic Search queries.

A FileEventQuery instance’s all() and any() take one or more FilterGroup objects to construct a query that can be passed to the FileEventClient.search() method. all() returns results that match all of the provided filter criteria, any() will return results that match any of the filters.

For convenience, the FileEventQuery constructor does the same as all().

Usage example:

email_filter = EmailSender.is_in(["test.user@example.com", "test.sender@example.com"])
exposure_filter = ExposureType.exists()

query = FileEventQuery.all(email_filter, exposure_filter)

Filter Classes

The following classes construct filters for file event queries. Each filter class corresponds to a file event detail. Call the appropriate classmethod on your desired filter class with the value you want to match and it will return a FilterGroup object that can be passed to FileEventQuery’s all() or any() methods to create complex queries that match multiple filter rules.

Example:

To search for events observed for certain set of documents, you can use the FileName and MD5 filter classes to construct FilterGroups that will search for matching filenames or (in case someone renamed the sensitive file) the known MD5 hashes of the files:

filename_filter = FileName.is_in(['confidential_plans.docx', 'confidential_plan_projections.xlsx'])
md5_filter = MD5.is_in(['133765f4fff5e3038b9352a4d14e1532', 'ea16f0cbfc76f6eba292871f8a8c794b'])

See Executing Searches for more on building search queries.

Event Filters

class py42.sdk.queries.fileevents.filters.event_filter.EventTimestamp

Bases: py42.sdk.queries.query_filter.QueryFilterTimestampField

Class that filters events based on the timestamp of the event that occurred.

classmethod in_range(start_value, end_value)

Returns a FilterGroup to find events where the filter timestamp is in range between the provided start_value and end_value.

classmethod on_or_after(value)

Returns a FilterGroup to find events where the filter timestamp is on or after the provided value.

classmethod on_or_before(value)

Returns a FilterGroup to find events where the filter timestamp is on or before the provided value.

classmethod on_same_day(value)

Returns a FilterGroup to find events where the filter timestamp is within the same calendar day as the provided value.

class py42.sdk.queries.fileevents.filters.event_filter.EventType

Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField

Class that filters file events based on event type.

Available event types are provided as class attributes:

  • EventType.CREATED

  • EventType.DELETED

  • EventType.EMAILED

  • EventType.MODIFIED

  • EventType.READ_BY_APP

Example:

filter = EventType.isin([EventType.READ_BY_APP, EventType.EMAILED])
classmethod eq(value)

Returns a FilterGroup to find events where the filter equals the provided value.

Parameters

value (str) – The value to match file events on.

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

classmethod is_in(value_list)

Returns a FilterGroup to find events where the filter is in the provided value_list.

Parameters

value_list (list) – The list of values to match file events on.

classmethod not_eq(value)

Returns a FilterGroup to find events where the filter is not equal to the provided value.

Parameters

value (str) – The value to exclude file events on.

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

classmethod not_in(value_list)

Returns a FilterGroup to find events where the filter is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude file events on.

class py42.sdk.queries.fileevents.filters.event_filter.InsertionTimestamp

Bases: py42.sdk.queries.query_filter.QueryFilterTimestampField

Class that filters events based on the timestamp of when the event was actually added to the event store (which can be after the event occurred on the device itself).

value must be a POSIX timestamp. (see the Dates section of the Basics user guide for details on timestamp arguments in py42)

classmethod in_range(start_value, end_value)

Returns a FilterGroup to find events where the filter timestamp is in range between the provided start_value and end_value.

classmethod on_or_after(value)

Returns a FilterGroup to find events where the filter timestamp is on or after the provided value.

classmethod on_or_before(value)

Returns a FilterGroup to find events where the filter timestamp is on or before the provided value.

classmethod on_same_day(value)

Returns a FilterGroup to find events where the filter timestamp is within the same calendar day as the provided value.

class py42.sdk.queries.fileevents.filters.event_filter.Source

Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField

classmethod eq(value)

Returns a FilterGroup to find events where the filter equals the provided value.

Parameters

value (str) – The value to match file events on.

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

classmethod is_in(value_list)

Returns a FilterGroup to find events where the filter is in the provided value_list.

Parameters

value_list (list) – The list of values to match file events on.

classmethod not_eq(value)

Returns a FilterGroup to find events where the filter is not equal to the provided value.

Parameters

value (str) – The value to exclude file events on.

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

classmethod not_in(value_list)

Returns a FilterGroup to find events where the filter is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude file events on.

File Filters

class py42.sdk.queries.fileevents.filters.file_filter.FileCategory

Bases: py42.sdk.queries.query_filter.QueryFilterStringField

Class that filters events by category of the file observed.

classmethod eq(value)

Returns a FilterGroup to find events where the filter equals the provided value.

Parameters

value (str) – The value to match file events on.

classmethod is_in(value_list)

Returns a FilterGroup to find events where the filter is in the provided value_list.

Parameters

value_list (list) – The list of values to match file events on.

classmethod not_eq(value)

Returns a FilterGroup to find events where the filter is not equal to the provided value.

Parameters

value (str) – The value to exclude file events on.

classmethod not_in(value_list)

Returns a FilterGroup to find events where the filter is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude file events on.

class py42.sdk.queries.fileevents.filters.file_filter.FileName

Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField

Class that filters events by the name of the file observed.

classmethod eq(value)

Returns a FilterGroup to find events where the filter equals the provided value.

Parameters

value (str) – The value to match file events on.

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

classmethod is_in(value_list)

Returns a FilterGroup to find events where the filter is in the provided value_list.

Parameters

value_list (list) – The list of values to match file events on.

classmethod not_eq(value)

Returns a FilterGroup to find events where the filter is not equal to the provided value.

Parameters

value (str) – The value to exclude file events on.

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

classmethod not_in(value_list)

Returns a FilterGroup to find events where the filter is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude file events on.

class py42.sdk.queries.fileevents.filters.file_filter.FileOwner

Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField

Class that filters events by the owner of the file observed.

classmethod eq(value)

Returns a FilterGroup to find events where the filter equals the provided value.

Parameters

value (str) – The value to match file events on.

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

classmethod is_in(value_list)

Returns a FilterGroup to find events where the filter is in the provided value_list.

Parameters

value_list (list) – The list of values to match file events on.

classmethod not_eq(value)

Returns a FilterGroup to find events where the filter is not equal to the provided value.

Parameters

value (str) – The value to exclude file events on.

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

classmethod not_in(value_list)

Returns a FilterGroup to find events where the filter is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude file events on.

class py42.sdk.queries.fileevents.filters.file_filter.FilePath

Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField

Class that filters events by path of the file observed.

classmethod eq(value)

Returns a FilterGroup to find events where the filter equals the provided value.

Parameters

value (str) – The value to match file events on.

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

classmethod is_in(value_list)

Returns a FilterGroup to find events where the filter is in the provided value_list.

Parameters

value_list (list) – The list of values to match file events on.

classmethod not_eq(value)

Returns a FilterGroup to find events where the filter is not equal to the provided value.

Parameters

value (str) – The value to exclude file events on.

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

classmethod not_in(value_list)

Returns a FilterGroup to find events where the filter is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude file events on.

class py42.sdk.queries.fileevents.filters.file_filter.FileSize

Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterComparableField

Class that filters events by size of the file observed.

Size value must be bytes.

classmethod greater_than(value)

Returns a FilterGroup to find events where filter data is greater than the provided value.

classmethod less_than(value)

Returns a FilterGroup to find events where filter data is less than than the provided value.

class py42.sdk.queries.fileevents.filters.file_filter.MD5

Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField

Class that filters events by the MD5 hash of the file observed.

classmethod eq(value)

Returns a FilterGroup to find events where the filter equals the provided value.

Parameters

value (str) – The value to match file events on.

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

classmethod is_in(value_list)

Returns a FilterGroup to find events where the filter is in the provided value_list.

Parameters

value_list (list) – The list of values to match file events on.

classmethod not_eq(value)

Returns a FilterGroup to find events where the filter is not equal to the provided value.

Parameters

value (str) – The value to exclude file events on.

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

classmethod not_in(value_list)

Returns a FilterGroup to find events where the filter is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude file events on.

class py42.sdk.queries.fileevents.filters.file_filter.SHA256

Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField

Class that filters events by SHA256 hash of the file observed.

classmethod eq(value)

Returns a FilterGroup to find events where the filter equals the provided value.

Parameters

value (str) – The value to match file events on.

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

classmethod is_in(value_list)

Returns a FilterGroup to find events where the filter is in the provided value_list.

Parameters

value_list (list) – The list of values to match file events on.

classmethod not_eq(value)

Returns a FilterGroup to find events where the filter is not equal to the provided value.

Parameters

value (str) – The value to exclude file events on.

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

classmethod not_in(value_list)

Returns a FilterGroup to find events where the filter is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude file events on.

Device Filters

class py42.sdk.queries.fileevents.filters.device_filter.DeviceUsername

Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField

Class that filters events by the Code42 username of the device that observed the event.

classmethod eq(value)

Returns a FilterGroup to find events where the filter equals the provided value.

Parameters

value (str) – The value to match file events on.

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

classmethod is_in(value_list)

Returns a FilterGroup to find events where the filter is in the provided value_list.

Parameters

value_list (list) – The list of values to match file events on.

classmethod not_eq(value)

Returns a FilterGroup to find events where the filter is not equal to the provided value.

Parameters

value (str) – The value to exclude file events on.

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

classmethod not_in(value_list)

Returns a FilterGroup to find events where the filter is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude file events on.

class py42.sdk.queries.fileevents.filters.device_filter.OSHostname

Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField

Class that filters events by hostname of the device that observed the event.

classmethod eq(value)

Returns a FilterGroup to find events where the filter equals the provided value.

Parameters

value (str) – The value to match file events on.

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

classmethod is_in(value_list)

Returns a FilterGroup to find events where the filter is in the provided value_list.

Parameters

value_list (list) – The list of values to match file events on.

classmethod not_eq(value)

Returns a FilterGroup to find events where the filter is not equal to the provided value.

Parameters

value (str) – The value to exclude file events on.

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

classmethod not_in(value_list)

Returns a FilterGroup to find events where the filter is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude file events on.

class py42.sdk.queries.fileevents.filters.device_filter.PrivateIPAddress

Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField

Class that filters events by private (LAN) IP address of the device that observed the event.

classmethod eq(value)

Returns a FilterGroup to find events where the filter equals the provided value.

Parameters

value (str) – The value to match file events on.

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

classmethod is_in(value_list)

Returns a FilterGroup to find events where the filter is in the provided value_list.

Parameters

value_list (list) – The list of values to match file events on.

classmethod not_eq(value)

Returns a FilterGroup to find events where the filter is not equal to the provided value.

Parameters

value (str) – The value to exclude file events on.

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

classmethod not_in(value_list)

Returns a FilterGroup to find events where the filter is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude file events on.

class py42.sdk.queries.fileevents.filters.device_filter.PublicIPAddress

Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField

Class that filters events by public (WAN) IP address of the device that observed the event.

classmethod eq(value)

Returns a FilterGroup to find events where the filter equals the provided value.

Parameters

value (str) – The value to match file events on.

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

classmethod is_in(value_list)

Returns a FilterGroup to find events where the filter is in the provided value_list.

Parameters

value_list (list) – The list of values to match file events on.

classmethod not_eq(value)

Returns a FilterGroup to find events where the filter is not equal to the provided value.

Parameters

value (str) – The value to exclude file events on.

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

classmethod not_in(value_list)

Returns a FilterGroup to find events where the filter is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude file events on.

Cloud Filters

class py42.sdk.queries.fileevents.filters.cloud_filter.Actor

Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField

Class that filters events by the cloud service username of the event originator (applies to cloud data source events only).

classmethod eq(value)

Returns a FilterGroup to find events where the filter equals the provided value.

Parameters

value (str) – The value to match file events on.

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

classmethod is_in(value_list)

Returns a FilterGroup to find events where the filter is in the provided value_list.

Parameters

value_list (list) – The list of values to match file events on.

classmethod not_eq(value)

Returns a FilterGroup to find events where the filter is not equal to the provided value.

Parameters

value (str) – The value to exclude file events on.

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

classmethod not_in(value_list)

Returns a FilterGroup to find events where the filter is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude file events on.

class py42.sdk.queries.fileevents.filters.cloud_filter.DirectoryID

Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField

Class that filters events by unique identifier of the cloud drive or folder where the event occurred (applies to cloud data source events only).

classmethod eq(value)

Returns a FilterGroup to find events where the filter equals the provided value.

Parameters

value (str) – The value to match file events on.

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

classmethod is_in(value_list)

Returns a FilterGroup to find events where the filter is in the provided value_list.

Parameters

value_list (list) – The list of values to match file events on.

classmethod not_eq(value)

Returns a FilterGroup to find events where the filter is not equal to the provided value.

Parameters

value (str) – The value to exclude file events on.

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

classmethod not_in(value_list)

Returns a FilterGroup to find events where the filter is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude file events on.

class py42.sdk.queries.fileevents.filters.cloud_filter.Shared

Bases: py42.sdk.queries.query_filter.QueryFilterBooleanField

Class that filters events by the shared status of the file at the time the event occurred (applies to cloud data source events only).

classmethod is_false()

Returns a FilterGroup to find events where the filter state is False.

classmethod is_true()

Returns a FilterGroup to find events where the filter state is True.

class py42.sdk.queries.fileevents.filters.cloud_filter.SharedWith

Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField

Class that filters events by the list of users who had been granted access to the file at the time of the event (applies to cloud data source events only).

classmethod eq(value)

Returns a FilterGroup to find events where the filter equals the provided value.

Parameters

value (str) – The value to match file events on.

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

classmethod is_in(value_list)

Returns a FilterGroup to find events where the filter is in the provided value_list.

Parameters

value_list (list) – The list of values to match file events on.

classmethod not_eq(value)

Returns a FilterGroup to find events where the filter is not equal to the provided value.

Parameters

value (str) – The value to exclude file events on.

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

classmethod not_in(value_list)

Returns a FilterGroup to find events where the filter is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude file events on.

class py42.sdk.queries.fileevents.filters.cloud_filter.SharingTypeAdded

Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField

Class that filters results to include events where a file’s sharing permissions were changed to a value that increases exposure (applies to cloud data source events only).

Available options provided as class attributes:
  • SharingTypeAdded.SHARED_VIA_LINK

  • SharingTypeAdded.IS_PUBLIC

  • SharingTypeAdded.OUTSIDE_TRUSTED_DOMAIN

classmethod eq(value)

Returns a FilterGroup to find events where the filter equals the provided value.

Parameters

value (str) – The value to match file events on.

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

classmethod is_in(value_list)

Returns a FilterGroup to find events where the filter is in the provided value_list.

Parameters

value_list (list) – The list of values to match file events on.

classmethod not_eq(value)

Returns a FilterGroup to find events where the filter is not equal to the provided value.

Parameters

value (str) – The value to exclude file events on.

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

classmethod not_in(value_list)

Returns a FilterGroup to find events where the filter is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude file events on.

Exposure Filters

class py42.sdk.queries.fileevents.filters.exposure_filter.ExposureType

Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField

Class that filters events based on exposure type.

Available options are provided as class attributes:
  • ExposureType.SHARED_VIA_LINK

  • ExposureType.SHARED_TO_DOMAIN

  • ExposureType.APPLICATION_READ

  • ExposureType.CLOUD_STORAGE

  • ExposureType.REMOVABLE_MEDIA

  • ExposureType.IS_PUBLIC

classmethod eq(value)

Returns a FilterGroup to find events where the filter equals the provided value.

Parameters

value (str) – The value to match file events on.

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

classmethod is_in(value_list)

Returns a FilterGroup to find events where the filter is in the provided value_list.

Parameters

value_list (list) – The list of values to match file events on.

classmethod not_eq(value)

Returns a FilterGroup to find events where the filter is not equal to the provided value.

Parameters

value (str) – The value to exclude file events on.

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

classmethod not_in(value_list)

Returns a FilterGroup to find events where the filter is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude file events on.

class py42.sdk.queries.fileevents.filters.exposure_filter.ProcessName

Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField

Class that filters events based on the process name involved in the exposure (applies to read by browser or other app events only).

classmethod eq(value)

Returns a FilterGroup to find events where the filter equals the provided value.

Parameters

value (str) – The value to match file events on.

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

classmethod is_in(value_list)

Returns a FilterGroup to find events where the filter is in the provided value_list.

Parameters

value_list (list) – The list of values to match file events on.

classmethod not_eq(value)

Returns a FilterGroup to find events where the filter is not equal to the provided value.

Parameters

value (str) – The value to exclude file events on.

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

classmethod not_in(value_list)

Returns a FilterGroup to find events where the filter is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude file events on.

class py42.sdk.queries.fileevents.filters.exposure_filter.ProcessOwner

Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField

Class that filters events based on the process owner that was involved in the exposure (applies to read by browser or other app events only).

classmethod eq(value)

Returns a FilterGroup to find events where the filter equals the provided value.

Parameters

value (str) – The value to match file events on.

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

classmethod is_in(value_list)

Returns a FilterGroup to find events where the filter is in the provided value_list.

Parameters

value_list (list) – The list of values to match file events on.

classmethod not_eq(value)

Returns a FilterGroup to find events where the filter is not equal to the provided value.

Parameters

value (str) – The value to exclude file events on.

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

classmethod not_in(value_list)

Returns a FilterGroup to find events where the filter is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude file events on.

class py42.sdk.queries.fileevents.filters.exposure_filter.RemovableMediaName

Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField

Class that filters events based on the name of the removable media involved in the exposure (applies to removable media events only).

classmethod eq(value)

Returns a FilterGroup to find events where the filter equals the provided value.

Parameters

value (str) – The value to match file events on.

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

classmethod is_in(value_list)

Returns a FilterGroup to find events where the filter is in the provided value_list.

Parameters

value_list (list) – The list of values to match file events on.

classmethod not_eq(value)

Returns a FilterGroup to find events where the filter is not equal to the provided value.

Parameters

value (str) – The value to exclude file events on.

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

classmethod not_in(value_list)

Returns a FilterGroup to find events where the filter is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude file events on.

class py42.sdk.queries.fileevents.filters.exposure_filter.RemovableMediaVendor

Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField

Class that filters events based on the vendor of the removable media device involved in the exposure (applies to removable media events only).

classmethod eq(value)

Returns a FilterGroup to find events where the filter equals the provided value.

Parameters

value (str) – The value to match file events on.

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

classmethod is_in(value_list)

Returns a FilterGroup to find events where the filter is in the provided value_list.

Parameters

value_list (list) – The list of values to match file events on.

classmethod not_eq(value)

Returns a FilterGroup to find events where the filter is not equal to the provided value.

Parameters

value (str) – The value to exclude file events on.

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

classmethod not_in(value_list)

Returns a FilterGroup to find events where the filter is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude file events on.

class py42.sdk.queries.fileevents.filters.exposure_filter.RemovableMediaMediaName

Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField

Class that filters events based on the name of the removable media (as reported by the vendor/device, usually very similar to RemovableMediaName) involved in the exposure (applies to removable media events only).

classmethod eq(value)

Returns a FilterGroup to find events where the filter equals the provided value.

Parameters

value (str) – The value to match file events on.

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

classmethod is_in(value_list)

Returns a FilterGroup to find events where the filter is in the provided value_list.

Parameters

value_list (list) – The list of values to match file events on.

classmethod not_eq(value)

Returns a FilterGroup to find events where the filter is not equal to the provided value.

Parameters

value (str) – The value to exclude file events on.

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

classmethod not_in(value_list)

Returns a FilterGroup to find events where the filter is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude file events on.

class py42.sdk.queries.fileevents.filters.exposure_filter.RemovableMediaVolumeName

Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField

Class that filters events based on the name of the formatted volume (as reported by the operating system) of the removable media device involved in the exposure (applies to removable media events only).

classmethod eq(value)

Returns a FilterGroup to find events where the filter equals the provided value.

Parameters

value (str) – The value to match file events on.

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

classmethod is_in(value_list)

Returns a FilterGroup to find events where the filter is in the provided value_list.

Parameters

value_list (list) – The list of values to match file events on.

classmethod not_eq(value)

Returns a FilterGroup to find events where the filter is not equal to the provided value.

Parameters

value (str) – The value to exclude file events on.

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

classmethod not_in(value_list)

Returns a FilterGroup to find events where the filter is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude file events on.

class py42.sdk.queries.fileevents.filters.exposure_filter.RemovableMediaPartitionID

Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField

Class that filters events based on the unique identifier assigned (by the operating system) to the removable media involved in the exposure (applies to removable media events only).

classmethod eq(value)

Returns a FilterGroup to find events where the filter equals the provided value.

Parameters

value (str) – The value to match file events on.

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

classmethod is_in(value_list)

Returns a FilterGroup to find events where the filter is in the provided value_list.

Parameters

value_list (list) – The list of values to match file events on.

classmethod not_eq(value)

Returns a FilterGroup to find events where the filter is not equal to the provided value.

Parameters

value (str) – The value to exclude file events on.

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

classmethod not_in(value_list)

Returns a FilterGroup to find events where the filter is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude file events on.

class py42.sdk.queries.fileevents.filters.exposure_filter.RemovableMediaSerialNumber

Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField

Class that filters events based on the serial number of the connected hardware as reported by the operating system (applies to removable media events only).

classmethod eq(value)

Returns a FilterGroup to find events where the filter equals the provided value.

Parameters

value (str) – The value to match file events on.

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

classmethod is_in(value_list)

Returns a FilterGroup to find events where the filter is in the provided value_list.

Parameters

value_list (list) – The list of values to match file events on.

classmethod not_eq(value)

Returns a FilterGroup to find events where the filter is not equal to the provided value.

Parameters

value (str) – The value to exclude file events on.

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

classmethod not_in(value_list)

Returns a FilterGroup to find events where the filter is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude file events on.

class py42.sdk.queries.fileevents.filters.exposure_filter.SyncDestination

Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField

Class that filters events based on the name of the cloud service the file is synced with (applies to synced to cloud service events only).

Available options are provided as class attributes:
  • SyncDestination.ICLOUD

  • SyncDestination.BOX

  • SyncDestination.BOX_DRIVE

  • SyncDestination.GOOGLE_DRIVE

  • SyncDestination.GOOGLE_BACKUP_AND_SYNC

  • SyncDestination.DROPBOX

  • SyncDestination.ONEDRIVE

classmethod eq(value)

Returns a FilterGroup to find events where the filter equals the provided value.

Parameters

value (str) – The value to match file events on.

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

classmethod is_in(value_list)

Returns a FilterGroup to find events where the filter is in the provided value_list.

Parameters

value_list (list) – The list of values to match file events on.

classmethod not_eq(value)

Returns a FilterGroup to find events where the filter is not equal to the provided value.

Parameters

value (str) – The value to exclude file events on.

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

classmethod not_in(value_list)

Returns a FilterGroup to find events where the filter is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude file events on.

class py42.sdk.queries.fileevents.filters.exposure_filter.TabURL

Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField

Class that filters events based on the URL of the active browser tab at the time the file contents were read by the browser (applies to read by browser or other app events only).

classmethod eq(value)

Returns a FilterGroup to find events where the filter equals the provided value.

Parameters

value (str) – The value to match file events on.

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

classmethod is_in(value_list)

Returns a FilterGroup to find events where the filter is in the provided value_list.

Parameters

value_list (list) – The list of values to match file events on.

classmethod not_eq(value)

Returns a FilterGroup to find events where the filter is not equal to the provided value.

Parameters

value (str) – The value to exclude file events on.

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

classmethod not_in(value_list)

Returns a FilterGroup to find events where the filter is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude file events on.

class py42.sdk.queries.fileevents.filters.exposure_filter.WindowTitle

Bases: py42.sdk.queries.fileevents.file_event_query.FileEventFilterStringField

Class that filters events based on the name of the browser tab or application window that was open when a browser or other app event occurred (applies to read by browser or other app events only).

classmethod eq(value)

Returns a FilterGroup to find events where the filter equals the provided value.

Parameters

value (str) – The value to match file events on.

classmethod exists()

Returns a FilterGroup to find events where filter data exists.

classmethod is_in(value_list)

Returns a FilterGroup to find events where the filter is in the provided value_list.

Parameters

value_list (list) – The list of values to match file events on.

classmethod not_eq(value)

Returns a FilterGroup to find events where the filter is not equal to the provided value.

Parameters

value (str) – The value to exclude file events on.

classmethod not_exists()

Returns a FilterGroup to find events where filter data does not exist.

classmethod not_in(value_list)

Returns a FilterGroup to find events where the filter is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude file events on.

Email Filters

class py42.sdk.queries.fileevents.filters.email_filter.EmailPolicyName

Bases: py42.sdk.queries.query_filter.QueryFilterStringField

Class that filters events based on the email DLP policy that detected this file (applies to emails sent via Microsoft Office 365 only).

classmethod eq(value)

Returns a FilterGroup to find events where the filter equals the provided value.

Parameters

value (str) – The value to match file events on.

classmethod is_in(value_list)

Returns a FilterGroup to find events where the filter is in the provided value_list.

Parameters

value_list (list) – The list of values to match file events on.

classmethod not_eq(value)

Returns a FilterGroup to find events where the filter is not equal to the provided value.

Parameters

value (str) – The value to exclude file events on.

classmethod not_in(value_list)

Returns a FilterGroup to find events where the filter is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude file events on.

class py42.sdk.queries.fileevents.filters.email_filter.EmailSubject

Bases: py42.sdk.queries.query_filter.QueryFilterStringField

Class that filters events based on the email’s subject (applies to email events only).

classmethod eq(value)

Returns a FilterGroup to find events where the filter equals the provided value.

Parameters

value (str) – The value to match file events on.

classmethod is_in(value_list)

Returns a FilterGroup to find events where the filter is in the provided value_list.

Parameters

value_list (list) – The list of values to match file events on.

classmethod not_eq(value)

Returns a FilterGroup to find events where the filter is not equal to the provided value.

Parameters

value (str) – The value to exclude file events on.

classmethod not_in(value_list)

Returns a FilterGroup to find events where the filter is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude file events on.

class py42.sdk.queries.fileevents.filters.email_filter.EmailRecipients

Bases: py42.sdk.queries.query_filter.QueryFilterStringField

Class that filters events based on the email’s recipient list (applies to email events only).

classmethod eq(value)

Returns a FilterGroup to find events where the filter equals the provided value.

Parameters

value (str) – The value to match file events on.

classmethod is_in(value_list)

Returns a FilterGroup to find events where the filter is in the provided value_list.

Parameters

value_list (list) – The list of values to match file events on.

classmethod not_eq(value)

Returns a FilterGroup to find events where the filter is not equal to the provided value.

Parameters

value (str) – The value to exclude file events on.

classmethod not_in(value_list)

Returns a FilterGroup to find events where the filter is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude file events on.

class py42.sdk.queries.fileevents.filters.email_filter.EmailSender

Bases: py42.sdk.queries.query_filter.QueryFilterStringField

Class that filters events based on the email’s sender (applies to email events only).

classmethod eq(value)

Returns a FilterGroup to find events where the filter equals the provided value.

Parameters

value (str) – The value to match file events on.

classmethod is_in(value_list)

Returns a FilterGroup to find events where the filter is in the provided value_list.

Parameters

value_list (list) – The list of values to match file events on.

classmethod not_eq(value)

Returns a FilterGroup to find events where the filter is not equal to the provided value.

Parameters

value (str) – The value to exclude file events on.

classmethod not_in(value_list)

Returns a FilterGroup to find events where the filter is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude file events on.

class py42.sdk.queries.fileevents.filters.email_filter.EmailFrom

Bases: py42.sdk.queries.query_filter.QueryFilterStringField

Class that filters events based on the display name of the email’s sender, as it appears in the “From:” field in the email (applies to email events only).

classmethod eq(value)

Returns a FilterGroup to find events where the filter equals the provided value.

Parameters

value (str) – The value to match file events on.

classmethod is_in(value_list)

Returns a FilterGroup to find events where the filter is in the provided value_list.

Parameters

value_list (list) – The list of values to match file events on.

classmethod not_eq(value)

Returns a FilterGroup to find events where the filter is not equal to the provided value.

Parameters

value (str) – The value to exclude file events on.

classmethod not_in(value_list)

Returns a FilterGroup to find events where the filter is not in the provided value_list.

Parameters

value_list (list) – The list of values to exclude file events on.